/*
 * Demoiselle Framework
 * Copyright (C) 2011 SERPRO
 * ----------------------------------------------------------------------------
 * This file is part of Demoiselle Framework.
 * 
 * Demoiselle Framework is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not,  see <http://www.gnu.org/licenses/>
 * or write to the Free Software Foundation, Inc., 51 Franklin Street,
 * Fifth Floor, Boston, MA  02110-1301, USA.
 * ----------------------------------------------------------------------------
 * Este arquivo é parte do Framework Demoiselle.
 * 
 * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
 * modificá-lo dentro dos termos da Licença Pública Geral GNU como publicada pela Fundação
 * do Software Livre (FSF); na versão 2 da Licença.
 * 
 * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
 * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
 * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/GPL em português
 * para maiores detalhes.
 * 
 * Você deve ter recebido uma cópia da Licença Pública Geral GNU, sob o título
 * "LICENCA.txt", junto com esse programa. Se não, acesse o Portal do Software Público
 * Brasileiro no endereço www.softwarepublico.gov.br ou escreva para a Fundação do Software
 * Livre (FSF) Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
 
 * @author Tarcizio Vieira Neto (tarcizio.vieira@owasp.org) <a href="http://www.serpro.gov.br">SERPRO</a>
 * @created 2011
 */

package br.gov.frameworkdemoiselle.security.authentication;

import java.util.Set;

import javax.enterprise.inject.Alternative;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.EncryptionException;

import br.gov.frameworkdemoiselle.security.Authenticator;
import br.gov.frameworkdemoiselle.security.User;

@Alternative
public class EsapiWrapperAuthenticator implements br.gov.frameworkdemoiselle.security.Authenticator, org.owasp.esapi.Authenticator {

	private static final long serialVersionUID = 1L;

	private org.owasp.esapi.Authenticator authenticatorWrapper = null;
			
	@Inject
	public EsapiWrapperAuthenticator(org.owasp.esapi.Authenticator authenticator) {
		this.authenticatorWrapper = authenticator;
	}
	
	public EsapiWrapperAuthenticator() {
		this (ESAPIFileBasedAuthenticator.getInstance());
	}

	/* 
	 * Implementation of Demoiselle Framework Authenticator methods 
	 * from interface: br.gov.frameworkdemoiselle.security.Authenticator
	 * 
	 * */
	
	@Override
	public boolean authenticate() {
		boolean success = false;

		try {
			authenticatorWrapper.login();			
						
			success = true;
		} catch (AuthenticationException cause) {
			success = false;
		}

		return success;
	}

	@Override
	public void unAuthenticate() {
		authenticatorWrapper.logout();
	}

	@Override
	public User getUser() {
		return (BasicUser)authenticatorWrapper.getCurrentUser();
	}

	/* 
	 * Implementation of OWASP ESAPI Authenticator methods 
	 * from interface: org.owasp.esapi.Authenticator
	 * 
	 * */
	@Override
	public void clearCurrent() {
		authenticatorWrapper.clearCurrent();
		
	}

	@Override
	public org.owasp.esapi.User login() throws AuthenticationException {		
		return authenticatorWrapper.login();
	}

	@Override
	public org.owasp.esapi.User login(HttpServletRequest request, HttpServletResponse response)
			throws AuthenticationException {		
		return authenticatorWrapper.login(request,response);
	}

	@Override
	public boolean verifyPassword(org.owasp.esapi.User user, String password) {
		
		return authenticatorWrapper.verifyPassword(user, password);
	}

	@Override
	public void logout() {
		authenticatorWrapper.logout();		
	}

	@Override
	public org.owasp.esapi.User createUser(String accountName, String password1, String password2)
			throws AuthenticationException {		
		return authenticatorWrapper.createUser(accountName, password1, password2);
	}

	@Override
	public String generateStrongPassword() {
		return authenticatorWrapper.generateStrongPassword();
	}

	@Override
	public String generateStrongPassword(org.owasp.esapi.User user, String oldPassword) {		
		return authenticatorWrapper.generateStrongPassword(user, oldPassword);
	}

	@Override
	public void changePassword(org.owasp.esapi.User user, String currentPassword, String newPassword,
			String newPassword2) throws AuthenticationException {
		
		authenticatorWrapper.changePassword(user, currentPassword, newPassword, newPassword2);		
	}

	@Override
	public org.owasp.esapi.User getUser(long accountId) {
		return authenticatorWrapper.getUser(accountId);
	}

	@Override
	public org.owasp.esapi.User getUser(String accountName) {
		return authenticatorWrapper.getUser(accountName);
	}

	@Override
	public Set getUserNames() {
		return authenticatorWrapper.getUserNames();
	}

	@Override
	public org.owasp.esapi.User getCurrentUser() {		
		return authenticatorWrapper.getCurrentUser();
	}

	@Override
	public void setCurrentUser(org.owasp.esapi.User user) {
		authenticatorWrapper.setCurrentUser(user);
		
	}

	@Override
	public String hashPassword(String password, String accountName) throws EncryptionException {		
		return authenticatorWrapper.hashPassword(password, accountName);
	}

	@Override
	public void removeUser(String accountName) throws AuthenticationException {
		authenticatorWrapper.removeUser(accountName);		
	}

	@Override
	public void verifyAccountNameStrength(String accountName) throws AuthenticationException {
		authenticatorWrapper.verifyAccountNameStrength(accountName);		
	}	

	@Override
	public boolean exists(String accountName) {		
		return authenticatorWrapper.exists(accountName);
	}

	@Override
	public void verifyPasswordStrength(String pass1, String pass2, org.owasp.esapi.User user)
			throws AuthenticationException {
		this.verifyPasswordStrength(pass1, pass2, user);
	}

}
